Authentication

All requests to the AgentMetrics API require a valid SDK key in the Authorization header.

SDK keys

SDK keys are prefixed with am_live_. Generate one from Settings in your dashboard.

Shell

Authorization: Bearer am_live_xxxxxxxxxxxxxxxxxxxx

Key security

Keys are hashed with HMAC-SHA256 before being stored. We never store the plaintext key.
If a key is lost, it cannot be recovered. Rotate it from Settings, which immediately invalidates the old key.
Store keys in environment variables, never in source code or version control.
Keys committed to repositories should be rotated immediately.

From your dashboard: Settings > API Key > Rotate key. Rotation is immediate. Update the AGENTMETRICS_API_KEY environment variable in all environments before rotating, or expect a brief period of 401 responses.

Error responses

Code	Meaning
`401`	Missing `Authorization` header, or key is invalid or revoked

JSON

{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked."
  }
}

PreviousOverview

NextEvents

GitHub

Authentication

SDK keys

Key security

Rotating a key

Error responses